Defending Against Today’s Ransomware Crisis

Colonial Pipeline, JBS, The Massachusetts Steamship Authority – these are just the most recent organizations hit in a string of ransomware attacks that have disrupted U.S. logistics and services over the past few weeks.

Ransomware has become a massive problem for every organization today. In fact, the spike in these ransomware attacks led President Biden to add the threat to his agenda to discuss with Russian President Vladimir Putin at their joint summit in Switzerland.

Ransomware became a household name essentially overnight, yet the number of organizations being hit by it has actually dropped in the past 12 months, down 14% since 2020. That is according to Sophos’s The State of Ransomware 2021 report, which is based on findings from an independent survey of 5,400 IT managers in mid-sized organizations in 30 countries across the globe. However, the financial impact of an attack has more than doubled, increasing from $761,106 in 2020 to $1.85 million in 2021.

We expect this is due to ransomware gangs both deploying more advanced tactics, techniques and procedures (TTPs) that are harder to recover from and going after more lucrative targets. The report finds that larger organizations with thousands of employees are more likely to be attacked by ransomware than smaller companies – indicating that ransomware attackers are drifting toward targeting larger victims capable of paying bigger ransoms.

In response to these devastating attacks, businesses like Colonial Pipeline are increasingly paying the ransom to get their data back: 32%, up from 26% in 2020. And, while Colonial was lucky enough to recover some of the money they paid in ransom to the DarkSide attackers, that is not the typical outcome. In fact, fewer than 1 in 10 organizations even get all of their data back after paying the ransom, never mind the money they paid.

The report also provides insight into how different countries and sectors have been affected by ransomware over the last year. Some highlights include:

  • India reported the most ransomware attacks, with 68% of respondents saying that they were hit last year. Conversely, Poland (13%) and Japan (15%) reported the lowest levels of attack.
  • Geographical neighbors Austria and the Czech Republic are poles apart when it comes to ransomware recovery costs: Austrian respondents reported the highest recovery cost of all countries surveyed while Czech respondents reported the lowest.
  • Retail and education (both 44%) were the sectors that reported the highest levels of attack.
  • The energy, oil/gas, and utilities sector is the most likely to pay the ransom (43%).

Protecting you and your customers from ransomware

Considering these findings, Sophos experts recommend the following best practices for MSSPs to protect themselves and their customers against ransomware:

  1. Assume you will be attacked. If you’re one of the 22% who thinks they won’t be attacked by ransomware in the near future, it’s time to rethink. No one is immune, and everyone is a target.
  2. Constantly back up your data. Backups are the prime method for restoring data after an attack. This is especially important with ransomware, as even paying the ransom is no guarantee you’ll get all of your data back (to the contrary, you’re almost guaranteed not to get all of your data back).
  3. Just don’t pay the ransom. This is easier said than done, but the fact is that paying your attacker just isn’t an effective way of getting back your data – which is why you’d pay the ransom in the first place. That said, if you do choose to pay, make sure you’re factoring into your cost-benefit analysis that you’re likely to get back no more than about two-thirds of the data that was encrypted or stolen – and that you almost definitely won’t get back all of it.
  4. Set up your incident response plan now. The best offense for dealing with ransomware is a good defense – in this case, an incident response and malware recovery plan. Many businesses that get attacked by ransomware learn too late that preparing this in advance could have saved them a lot of money, pain and downtime.
  5. Prepare your defenses. Examine the security capabilities you have and make sure you have the right security protection in place. No one solution is perfect, but deploying high-quality defenses such as endpoint protection, firewalls and identity security can vastly reduce the risk of an attack.

Guest blog courtesy of at Sophos. Read more Sophos blogs here.